Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 15388 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-44140 1 Jizhicms 1 Jizhicms 2025-04-25 N/A 8.8 HIGH
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
CVE-2022-36193 1 Lahirudanushka 1 School Management System 2025-04-25 N/A 9.8 CRITICAL
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
CVE-2024-25469 1 Crmeb 1 Crmeb Java 2025-04-25 N/A 7.5 HIGH
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
CVE-2022-3848 1 Wp User Merger Project 1 Wp User Merger 2025-04-25 N/A 8.8 HIGH
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
CVE-2022-42109 1 Online-shopping-system-advanced Project 1 Online-shopping-system-advanced 2025-04-25 N/A 9.8 CRITICAL
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.
CVE-2022-45329 1 Aerocms Project 1 Aerocms 2025-04-25 N/A 7.5 HIGH
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
CVE-2022-3751 1 Owncast Project 1 Owncast 2025-04-25 N/A 9.8 CRITICAL
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.
CVE-2022-44291 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
CVE-2022-44290 1 Webtareas Project 1 Webtareas 2025-04-24 N/A 9.8 CRITICAL
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
CVE-2022-44277 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.
CVE-2022-45328 1 Church Management System Project 1 Church Management System 2025-04-24 N/A 7.2 HIGH
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
CVE-2022-44348 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
CVE-2022-44347 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.
CVE-2022-44345 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.
CVE-2022-44296 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
CVE-2022-44295 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.
CVE-2022-44294 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 7.2 HIGH
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
CVE-2022-44151 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-24 N/A 9.8 CRITICAL
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
CVE-2022-30528 1 Isic.lk Project 1 Isic.lk 2025-04-24 N/A 9.8 CRITICAL
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2024-54927 1 Lopalopa 1 E-learning Management System 2025-04-24 N/A 7.2 HIGH
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.